FCPA Compliance Audits:

Lessons From Recent Investigations Monitoring and Improving the Effectiveness of FCPA Compliance Programs

Today’s faculty features:

1pm Eastern | 12pm Central | 11am Mountain | 10am Pacific

The audio portion of the conference may be accessed via the telephone or by using your computer's

speakers. Please refer to the instructions emailed to registrants for additional information. If you

have any questions, please contact Customer Service at 1-800-926-7926 ext. 10.

WEDNESDAY, DECEMBER 17, 2014

Presenting a live 90-minute webinar with interactive Q&A

Peter Viksnins, Director in the Forensic Services, PricewaterhouseCoopers, Washington, D.C.

Albert A. Vondra, Partner, PricewaterhouseCoopers, Cleveland

David A. Wilson, Partner, Thompson Hine, Washington, D.C.

Tips for Optimal Quality

Sound Quality

If you are listening via your computer speakers, please note that the quality

of your sound will vary depending on the speed and quality of your internet

connection.

If the sound quality is not satisfactory, you may listen via the phone: dial

1-866-570-7602 and enter your PIN when prompted. Otherwise, please

send us a chat or e-mail sound@straffordpub.com immediately so we can

address the problem.

If you dialed in and have any difficulties during the call, press *0 for assistance.

Viewing Quality

To maximize your screen, press the F11 key on your keyboard. To exit full screen,

press the F11 key again.

FOR LIVE EVENT ONLY

Continuing Education Credits

For CLE purposes, please let us know how many people are listening at your

location by completing each of the following steps:

• In the chat box, type (1) your company name and (2) the number of

attendees at your location

• Click the SEND button beside the box

If you have purchased Strafford CLE processing services, you must confirm your

participation by completing and submitting an Official Record of Attendance (CLE

Form).

You may obtain your CLE form by going to the program page and selecting the

appropriate form in the PROGRAM MATERIALS box at the top right corner.

If you'd like to purchase CLE credit processing, it is available for a fee. For

additional information about CLE credit processing, go to our website or call us at

1-800-926-7926 ext. 35.

FOR LIVE EVENT ONLY

Program Materials

If you have not printed the conference materials for this program, please

complete the following steps:

• Click on the ^ symbol next to “Conference Materials” in the middle of the left-

hand column on your screen.

• Click on the tab labeled “Handouts” that appears, and there you will see a

PDF of the slides for today's program.

• Double click on the PDF and a separate page will open.

• Print the slides by clicking on the printer icon.

FOR LIVE EVENT ONLY

David A. Wilson Thompson Hine Albert A. Vondra PricewaterhouseCoopers Peter Viksnins PricewaterhouseCoopers, Washington, D.C.

• U.S. Sentencing Guidelines

• DPA/Plea Agreement terms

• US/International/UK Bribery Act Guidance

• Evolving concept of “best practices”

6

§8B2.1. Effective Compliance and Ethics Program

• The organization shall take reasonable steps— ₊ to ensure that the organization’s compliance and ethics program is followed, including

monitoring and auditing to detect criminal conduct;

₊ to evaluate periodically the effectiveness of the organization’s compliance and ethics program; and

• The organization shall periodically assess the risk of criminal conduct and shall take appropriate steps to design, implement, or modify [program elements] to reduce the risk of criminal conduct identified through this process.

7

"Periodic review and testing of the compliance code, standards and procedures designed to evaluate and improve their effectiveness in preventing and detecting violations of anti-corruption laws and [company's] compliance and ethics program, taking into account relevant developments in the field and evolving international and industry standards.“

8

• In addition to discussion of auditor obligations, SEC & DoJ mention internal audits several times in the guidance, including:

• “DOJ and SEC encourage companies engaging in mergers and acquisitions to: … conduct an FCPA-specific audit of all newly acquired or merged businesses as quickly as practicable” (page 29)

• “As a company’s risk for FCPA violations increases, that business should consider increasing its compliance procedures, including due diligence and periodic internal audits.” (page 59)

9

“Periodic reviews of the ethics and compliance programmes or measures, designed to evaluate and improve their effectiveness in preventing and detecting foreign bribery, taking into account relevant developments in the field, and evolving international and industry standards.” OECD Good Practice Guidance on Internal Controls, Ethics, and Compliance

10

MOJ Guidance regarding Adequate Procedures under UKBA • Principle 3: The commercial organisation assesses the nature and extent

of its exposure to potential external and internal risks of bribery on its behalf by persons associated with it. The assessment is periodic, informed and documented.

• Principle 6: The commercial organisation monitors and reviews procedures designed to prevent bribery by persons associated with it and makes improvements where necessary.

• Recent SFO guidance on self-reporting: “no guarantee that a prosecution will not follow.”

11

Compliance Program Assessment • Company-wide

• Review of program components

Risk Assessment • Company-wide or site-specific

• Identify corruption risk areas

Compliance/FCPA Audits • Site-specific

• Evaluate site’s compliance with laws and policies

• Transactional testing and interviews

12

Pfizer DPA (August 2012)

• Risk Assessments

+ Risk-based program of annual reviews of high-risk markets based on business and location

+ Five markets identified and reviewed annually

13

Each FCPA Audit shall include: • On-site visits by a team from Compliance and, when appropriate, Legal

and qualified auditors who have received FCPA and anticorruption training.

• Review representative sample of contracts, payments to government officials, healthcare providers and other high-risk transactions.

• Creation of action plans resulting from issues identified during audits with undertakings designed to enhance anticorruption compliance, repair process weaknesses, and deter violations.

• Where appropriate, feasible, and permissible under local law, review of the books and records of distributors

14

Pfizer DPA (August 2012) ($15MM Criminal Penalties, $45.2 in disgorgement and interest)

• Nine-point compliance program mandated, requiring: ₊ corporate policy against violations;

₊ application to all employees and outside parties acting on company’s behalf;

₊ appointment of responsible executives who report to Board

₊ training and certifications

₊ reporting system for violations

₊ disciplinary procedures;

₊ due diligence on agents and business partners;

₊ standard contract provisions;

₊ periodic testing of code, standards and procedures

15

• Bio-Rad NPA ($14M DOJ Fine; $41M to SEC for disgorgement and interest) – commission payments to intermediary companies (Russia) – November 2014

• HP Entities DPA & NPA ($108M to SEC and DOJ) (Mexico, Russia, Poland) – April 2014

• ADM NPA ($54M to SEC and DOJ) (Ukraine, Venezuela) – December 2013

• Weatherford International and subsidiaries DPA and Equity pleas ($252M for FCPA, export control violations) (Africa, Middle East) – November 2013

16

• In a recent SEC settlement, the regulators alleged that a company “…failed to audit and compare the distributor's margin against the end user price to ensure excess margins were not being built into the pricing structure…” and “failed to seek transparency in or audit third party payments made by distributors…”

• This case was also the first time the SEC made an FCPA Books & Records and Internal Controls charge without an attendant allegation of bribery, for “creating the potential for bribery or embezzlement.”

17

• Detect and deter violations

• Reassess risk profile

• Test compliance program effectiveness

• Satisfy government expectations

₊ Involvement of senior management

18

• A risk-based process that can be consistently and systematically applied to operations across the globe

• Appropriate depth and scope in light of resources and risks

• Cost-effective and non-disruptive to business

• Preserve privilege where appropriate

19

I. Why conduct an anti-corruption risk assessment?

II. Measuring risk factors

III. Scope of an FCPA audit

IV. Operations compliance assessment

V. FCPA Compliance – Course of action for companies

VI. Questions and answers

Note: Must overcome “head in the sand” syndrome. See Bio-Rad.

Increased danger from whistleblower potential.

20

Downside of forgoing risk assessment • Fines and Penalties

• Reputational risk

• Shareholder litigation

• Corollary prosecution

• Wasting resources on low-risk areas/focusing on the wrong areas

21

Upside of performing a risk assessment • Cost effective program

• Business partner competitive advantage

• UK Bribery Act Adequate Procedures Defense

• Insurance claims

• Industry’s Compliance Problems

• Company’s Compliance History, Audit Findings

• Senior Management – involvement and commitment

• Nature and locations of business/transactions

• Use of third parties, vendors, suppliers

• Documentation and support – books and records

• Business with government entities

22

23

GEOGRAPHY Operating locations and export destinations 2014 Transparency International Corruption Perception Index: Scores countries 1-100 scale, with 100 representing least perception of corruption and 1 being highest perception of corruption.

Other notables: Brazil – 43 India – 38 China – 36 Russia – 27 World Bank’s World Wide Governance Index: Measures regulatory quality, control of corruption, political stability, and absence of violence.

24

Top Five Score Bottom Five Score

Denmark 92 Iraq 16

New Zealand 91 South Sudan 15

Finland 89 Afghanistan 12

Sweden 87 Sudan 11

Norway 86 North Korea 8

Switzerland 86 Somalia 8

25

26

• Contacts with Government, for example ₊ Customs

₊ Immigration

₊ Tax Authorities

₊ Litigation

₊ Customers

₊ Regulators

• Industry-specific risks

• Channels to market: third parties

27

• Compliance - policies and procedures

• Third party agreements and payments

• Payments to foreign officials

• Charitable contributions/donations

• Payments - gifts, T&E, hospitality, facilitation

• Sponsorships

• Opening and maintenance of bank accounts

• Cash – petty cash/advances

• Import and export

28

• Finance and Accounting

—Discussions to be held with, but not limited to, Accounting Manager

—Analyze Chart of Accounts for other high risk accounts; and where high risk transaction could be recorded

—Analyze Local Policies and Procedures

—Payment testing

• Gifts and Hospitality

—Discussions to be held with, but not limited to, Accounting Manager

—Analyze Chart of Accounts

—Gifts

—Gratuities

—Entertainment

—Analyze Local Policies and Procedures

—Payment testing

29

• Expense Reports

+ Obtain policies regarding employee expense reimbursement

+ Determine whether reimbursements are made to non-employees

– Obtain explanation and purpose

+ Select representative reports for individuals including but not limited to

– Director, managers, sales representatives

– Examine approval and documentation for reimbursements

– Assess adequacy of documentation

– Assess validity of business purpose

– Assess compliance with expense reimbursement policies

– Identify employee reimbursements where a government official was present

+ Identify travel or other expenses paid to vendors, representatives or agents on behalf of a government official

30

• Tenders and Contracts

+ Meetings should be held with, but not limited to, head of sales and/or operations manager.

+ Obtain an understanding of company’s revenues stream

– Main customers

– Government (direct or indirect sales)

– Contracts

+ Anything of value provided

+ Tender process

– Responsibility and involvement in participation

+ Assess policies and procedures related to discounts, rebates, allowances, and commissions, and how they are recorded.

+ Contract testing

+ Payment testing

31

• Third Parties

+ Discussions should be held with personnel dealing with distributors /sales agents and others used as channels to government customers (third parties).

+ Obtain and analyze a third party listing

+ Obtain an understanding of policies related to payments to third parties

+ Is due diligence performed by Company prior to retaining third parties

– Are there periodic updates and knowledge of dealings?

+ Are there any “above average” commissions or discounts?

+ Approval process for certain third party activities.

+ Right to audit? Is it exercised?

+ Does Third Party makes disbursements on behalf of the Company? How are they reimbursed

+ Contract testing

+ Payment testing

32

• Assignment of a corporate official to oversee compliance with policies, standards, and procedures regarding anticorruption laws. Reports directly to AC and BOD.

• Issuing clear company policies (in each jurisdiction) on what constitutes unacceptable behavior and enforcing the prescribed consequences.

• Installation of a mechanism which is accessible and provides anonymity to report concerns.

• Performing frequent risk assessments/field tests/audits to determine whether employees understand company policies and testing the adequacy of existing programs and controls.

• Streamlining and integrating payment systems to easily see where, why, and how much money is being spent.

• Regularly testing payment systems and controls to gain transparency into high risk expenditures.

• Thoroughly and regularly training employees to address the enforcement of international anticorruption standards. Implementation of annual certification process for senior management.

• Routinely conducting due diligence on third parties, such as agents, sales consultants, distributors, and vendors.

• Completion of due diligence by legal, accounting and compliance prior to acquisition.

33

• Scope

• Resources

• Control

• Costs

• Access to Information

• Handling the results

• Collateral consequences

34

• Tailoring scope

• Board and senior management involvement to define scope and allocate resources (internal and external)

• Business segments; foreign subsidiaries; JVs; third parties

• Defining audit period

+ scale, resources, time to completion

35

• Many levels of audit depending on risks, audit history

• Tailor to company’s circumstances

• Define clearly up front; refine if warranted

• Draft plan before starting with goals, scope, processes, responsibilities and categories of tasks defined

• Build in accountability and reporting

36

• Disruption to business

• Costs

• Internal personnel

• External consultants, lawyers

37

• Outside auditors

• Internal audit

• Resource constraints?

• Consultants

• Counsel

• Outside lawyers have expertise but are costly

• In-house lawyers know the company but their objectivity can be questioned

• What, if any, privilege can be maintained

38

• Board/Audit Committee

• Internal audit/Compliance

• In-house counsel

• Critical component of cost-effectiveness

39

• Develop budget with input from all participants

• Break down tasks and align responsibilities with expertise

• Combine audit with training to minimize travel

• Stick to audit plan unless explicitly revised

• Reporting and accountability

40

• Local laws on privacy

• Interviews

• Email collection

• Uncooperative or reluctant employees

• Third parties

• Availability of information on agents, business partners

• Language barriers

41

• Consult local counsel on privacy issues

• Communicate goals of audit to employees

• Invoke contractual rights with third parties or revise contracts

• Must be even-handed

42

• Critical for effectiveness and credit

• Disciplinary action

• Changes in business partners

• Training

• Process changes

• Preserve information

• Reporting out

• To board/audit committee

• To government authorities (based on advice of counsel)

• Value of self-disclosure, remediation

43

• Plan for corrective action as part of audit

• Regular reporting up when issues arise

44

• Swift action is key

• Heightens need for frequent audits

• Whistleblower dangers

₊ Incentive to report before company does

• Must show company takes compliance seriously

45

• Government investigations

• Shareholder and derivative litigation

• Disgorgement and penalties

• Attorney’s fees

• Reputational damage

46

David A. Wilson Thompson Hine, Washington, D.C. 202.263.4161 David.Wilson@thompsonhine.com Albert A. Vondra PricewaterhouseCoopers, Washington, D.C./Cleveland 703.918.1534/216.363.5812 al.vondra@us.pwc.com Peter Viksnins PricewaterhouseCoopers, Washington, D.C. 703.918.1514 peter.viksnins@us.pwc.com

47